Vulnerabilities (CVE)

Filtered by vendor Sandstorm Subscribe
Filtered by product Sandstorm
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-6201 1 Sandstorm 1 Sandstorm 2024-02-04 5.5 MEDIUM 8.1 HIGH
A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls that prevent the attackers from accessing the URLs directly.
CVE-2017-6200 1 Sandstorm 1 Sandstorm 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name.
CVE-2017-6199 1 Sandstorm 1 Sandstorm 2024-02-04 7.5 HIGH 9.8 CRITICAL
A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field.
CVE-2017-6198 1 Sandstorm 1 Sandstorm 2024-02-04 6.8 MEDIUM 6.5 MEDIUM
The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space.